Overview
Outline:
1 Configure the PPTPD server on 10.3.105.4 (Ubuntu 14.04)
2 Configure the PPTPD client on 10.3.105.140 (Ubuntu 14.04)
3 Configure the PPTPD client on 10.3.105.90 (Windows 7)
References:
https://help.ubuntu.com/community/PPTPServer
PPTPServer - Community Help Wiki.pdf
在Ubuntu上安装PPTP VPN服务.pdf (Installing the PPTP VPN service on Ubuntu)
Part 1: Server configuration
First, install the PPTP server using apt-get:
# sudo apt-get install pptpd
Then configure pptpd:
# sudo nano /etc/pptpd.conf
Add the server IP and the client IP range at the end of the file, for example:
localip 192.168.0.1
remoteip 192.168.0.100-200
This sets up the PPTP server to use IP 192.168.0.1 while distributing the IP range 192.168.0.100 to 192.168.0.200 to PPTP clients.
Change these as you wish as long as they are private IP addresses and do not conflict with IP addresses already used by your server.
Configure the DNS servers to use when clients connect to this PPTP server:
# sudo nano /etc/ppp/pptpd-options
Uncomment the ms-dns lines and set them to Google's DNS servers as below, or to OpenDNS:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Now add a VPN user to the /etc/ppp/chap-secrets file.
# sudo nano /etc/ppp/chap-secrets
The first column is the username. The second column is the server name; you can put "pptpd" there. The third column is the password. The last column is the IP addresses; you can put * to allow all IPs.
# client server secret IP addresses
username * myPassword *
Finally, start your server:
# /etc/init.d/pptpd restart
Setup IP Forwarding
To enable IPv4 forwarding, edit /etc/sysctl.conf and enable the forwarding setting below.
# sudo nano /etc/sysctl.conf
Uncomment the line
net.ipv4.ip_forward=1
Then reload the configuration
# sudo sysctl -p
Add the forwarding rules to iptables:
# sudo nano /etc/rc.local
Add the following at the bottom, just before the exit 0 line:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356
This example uses 192.168.0.0/24 as its PPTP subnet. The second rule accounts for the tunnel's smaller MTU by setting the TCP MSS on SYN packets to 1356.
You are done. Just reboot your server and you should be able to connect to it using PPTP and send all your traffic through this server.
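A check over the files edited above, as an added example that is not part of the original article or of pptpd: it reports a readable chap-secrets file, accounts that accept any client IP, short secrets, and missing authentication or encryption options in pptpd-options. The function name audit_pptpd, the ROOT argument (so it can be run on a copy of /etc) and the 12-character threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit the PPTP server files edited in this walkthrough.
# audit_pptpd ROOT prints one finding per line; ROOT defaults to "/".
audit_pptpd() {
    local root="${1:-/}"
    local secrets="$root/etc/ppp/chap-secrets"
    local options="$root/etc/ppp/pptpd-options"
    local mode opt

    # chap-secrets stores passwords in plaintext: only the owner should read it.
    if [ -f "$secrets" ]; then
        mode=$(stat -c '%a' "$secrets")
        [ "$mode" = "600" ] || echo "chap-secrets: mode $mode, expected 600"
        # Columns: client server secret IP. "*" in column 4 accepts any address.
        # The 12-character minimum is an assumed policy, not a pppd rule.
        awk '$1 ~ /^#/ || NF == 0 { next }
             $4 == "*"       { print "chap-secrets: user " $1 " allows any IP" }
             length($3) < 12 { print "chap-secrets: user " $1 " has a short secret" }
            ' "$secrets"
    else
        echo "chap-secrets: missing"
    fi

    # pptpd-options should refuse the weaker auth methods and require MPPE-128.
    for opt in refuse-pap refuse-chap refuse-mschap \
               require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$options" 2>/dev/null \
            || echo "pptpd-options: $opt not set"
    done
}
```

Run it as root against the live system with audit_pptpd /, or against a copied directory tree; no output means none of these checks fired.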
Part 2: Ubuntu client verification
Reference document: Ubuntu通过PPTP协议使用VPN.pdf (Using a VPN over PPTP on Ubuntu)
Command history:
52 apt list pptp-linux
53 route -n
54 ip route
55 pptpsetup --create myvpn --server 10.3.105.4 --username test --password 123 --encrypt --start
56 cd /etc/ppp/peers/
63 cat myvpn
64 ip a
65 cd ..
66 ls
67 cat chap-secrets
68 which traceroute
69 apt list traceroute
70 apt install traceroute
71 which traceroute
72 traceroute www.bing.com
73 route -n
74 ip route
75 poff myvpn
76 ip a
77 history
root@slave1:~#
root@slave1:~# pon myvpn
root@slave1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:84:53:65 brd ff:ff:ff:ff:ff:ff
inet 10.3.105.140/24 brd 10.3.105.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe84:5365/64 scope link
valid_lft forever preferred_lft forever
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN group default qlen 3
link/ppp
inet 192.168.0.235 peer 192.168.0.1/32 scope global ppp0
valid_lft forever preferred_lft forever
root@slave1:~#
root@slave1:~# traceroute www.bing.com
traceroute to www.bing.com (202.89.233.101), 30 hops max, 60 byte packets
1 bogon (10.3.105.254) 6.987 ms 7.080 ms 7.086 ms
2 bogon (10.2.0.1) 3.894 ms 3.987 ms 3.989 ms
3 hn.kd.ny.adsl (218.29.137.73) 3.989 ms 3.987 ms 3.853 ms
4 pc85.zz.ha.cn (61.168.8.85) 7.426 ms 7.405 ms 7.379 ms
5 pc69.zz.ha.cn (61.168.195.69) 9.448 ms pc133.zz.ha.cn (61.168.253.133) 24.774 ms pc77.zz.ha.cn (61.168.195.77) 10.334 ms
6 219.158.98.177 (219.158.98.177) 26.707 ms 24.809 ms 219.158.14.205 (219.158.14.205) 11.493 ms
7 124.65.194.82 (124.65.194.82) 24.912 ms 219.158.21.57 (219.158.21.57) 26.924 ms 26.901 ms
8 124.65.56.182 (124.65.56.182) 21.248 ms 124.65.194.82 (124.65.194.82) 23.781 ms 124.65.56.182 (124.65.56.182) 16.410 ms^C
root@slave1:~#
root@slave1:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.3.105.254 0.0.0.0 UG 0 0 0 eth0
10.3.105.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.3.105.4 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
root@slave1:~#
We can see that the default route points to eth0.
Next, change the routing configuration:
# Commands to change the route
root@slave1:~# ip route del default
root@slave1:~# ip route add default dev ppp0
root@slave1:~#
root@slave1:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
10.3.105.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.3.105.4 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
root@slave1:~#
root@slave1:~# ip route
default dev ppp0 scope link
10.3.105.0/24 dev eth0 proto kernel scope link src 10.3.105.140
10.3.105.4 dev eth0 scope link src 10.3.105.140
169.254.0.0/16 dev eth0 scope link metric 1000
192.168.0.1 dev ppp0 proto kernel scope link src 192.168.0.235
root@slave1:~#
root@slave1:~# traceroute www.bing.com
traceroute to www.bing.com (202.89.233.101), 30 hops max, 60 byte packets
1 bogon (192.168.0.1) 4.824 ms 4.966 ms 4.399 ms
2 * * *
3 bogon (10.2.0.1) 6.225 ms 5.586 ms 5.665 ms
4 hn.kd.ny.adsl (218.29.137.73) 8.696 ms 12.815 ms 12.217 ms
5 pc85.zz.ha.cn (61.168.8.85) 12.999 ms 12.401 ms 11.912 ms
6 pc133.zz.ha.cn (61.168.253.133) 30.627 ms pc73.zz.ha.cn (61.168.195.73) 17.468 ms pc129.zz.ha.cn (61.168.253.129) 18.783 ms
7 219.158.21.121 (219.158.21.121) 18.999 ms 219.158.14.225 (219.158.14.225) 8.762 ms 219.158.14.205 (219.158.14.205) 12.403 ms
8 219.158.21.57 (219.158.21.57) 23.827 ms 124.65.194.82 (124.65.194.82) 24.041 ms 219.158.21.57 (219.158.21.57) 27.289 ms
9 124.65.194.82 (124.65.194.82) 27.393 ms 27.290 ms 124.65.56.182 (124.65.56.182) 15.798 ms
10 * * 61.148.6.18 (61.148.6.18) 23.067 ms
11 61.148.60.134 (61.148.60.134) 19.297 ms 56.031 ms 18.564 ms
12 103.255.142.7 (103.255.142.7) 23.481 ms 25.628 ms 104.44.212.21 (104.44.212.21) 18.434 ms
13 * * 104.44.212.20 (104.44.212.20) 26.012 ms
14 * * *
15 * * *
16 * * *^C
root@slave1:~#
Looking at the first hop, localhost (192.168.0.1), traffic is now routed through the VPN.
Stop the VPN
poff myvpn
Reset the route
ip route add default via 10.3.105.254
The session log is as follows:
root@slave1:~# poff myvpn
root@slave1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:84:53:65 brd ff:ff:ff:ff:ff:ff
inet 10.3.105.140/24 brd 10.3.105.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe84:5365/64 scope link
valid_lft forever preferred_lft forever
root@slave1:~# ip route
10.3.105.0/24 dev eth0 proto kernel scope link src 10.3.105.140
10.3.105.4 dev eth0 scope link src 10.3.105.140
169.254.0.0/16 dev eth0 scope link metric 1000
root@slave1:~#
root@slave1:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.3.105.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.3.105.4 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
root@slave1:~#
root@slave1:~#
root@slave1:~# traceroute www.bing.com
www.bing.com: Name or service not known
Cannot handle "host" cmdline arg `www.bing.com' on position 1 (argc 1)
root@slave1:~# ip route add default via 10.3.105.254
root@slave1:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.3.105.254 0.0.0.0 UG 0 0 0 eth0
10.3.105.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.3.105.4 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
root@slave1:~# traceroute www.bing.com
traceroute to www.bing.com (202.89.233.101), 30 hops max, 60 byte packets
1 bogon (10.3.105.254) 1.442 ms 1.925 ms 2.116 ms
2 bogon (10.2.0.1) 3.311 ms 4.933 ms 3.587 ms
3 hn.kd.ny.adsl (218.29.137.73) 8.442 ms 8.362 ms 8.263 ms
4 pc85.zz.ha.cn (61.168.8.85) 5.363 ms 5.172 ms 4.808 ms
5 pc73.zz.ha.cn (61.168.195.73) 12.884 ms^C
root@slave1:~#
root@slave1:~# ping www.bing.com
PING cn.a-0001.a-msedge.net (202.89.233.101) 56(84) bytes of data.
64 bytes from 202.89.233.101: icmp_seq=1 ttl=114 time=24.8 ms
^C
--- cn.a-0001.a-msedge.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 24.844/24.844/24.844/0.000 ms
root@slave1:~#
root@slave1:~#
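The route checks in this session can be scripted. The following is an added example, not part of the original log: it classifies the default route from ip route output (through the tunnel, bypassing it, or missing as after poff above) and derives the restore command from a table saved before pon. The function names are assumptions, and the BEFORE sample is constructed from the first route -n listing on this page.

```bash
#!/usr/bin/env bash
# Added example: read `ip route` output on stdin and report where the default
# route points. Prints "tunnel", "bypass:<dev>" or "none".
default_route_state() {
    awk -v tun="${1:-ppp0}" '
        $1 == "default" {
            dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            state = (dev == tun) ? "tunnel" : "bypass:" dev
            print state
            found = 1
            exit
        }
        END { if (!found) print "none" }'
}

# Given the table saved before the tunnel came up, print the command that
# restores the original default route (typed by hand in the session above).
restore_default_cmd() {
    awk '$1 == "default" {
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw  = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "") print "ip route replace default via " gw " dev " dev
            exit
         }'
}

# BEFORE is constructed from the page's first `route -n` output; VPN_UP and
# AFTER_POFF are the `ip route` listings captured in the session above.
BEFORE='default via 10.3.105.254 dev eth0
10.3.105.0/24 dev eth0 proto kernel scope link src 10.3.105.140'
VPN_UP='default dev ppp0 scope link
10.3.105.0/24 dev eth0 proto kernel scope link src 10.3.105.140
10.3.105.4 dev eth0 scope link src 10.3.105.140
192.168.0.1 dev ppp0 proto kernel scope link src 192.168.0.235'
AFTER_POFF='10.3.105.0/24 dev eth0 proto kernel scope link src 10.3.105.140
10.3.105.4 dev eth0 scope link src 10.3.105.140
169.254.0.0/16 dev eth0 scope link metric 1000'

for table in "$BEFORE" "$VPN_UP" "$AFTER_POFF"; do
    printf '%s\n' "$table" | default_route_state
done
printf '%s\n' "$BEFORE" | restore_default_cmd
```

On a live client, save ip route to a file before pon, pipe ip route into default_route_state after connecting, and feed the saved file to restore_default_cmd after poff.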
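Part 3: Windows 7 client verification
The result of this is that all traffic goes through the VPN.
To separate internal and external network traffic, refer to chnroutes使用方法.pdf (chnroutes usage):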
https://code.google.com/p/chnroutes/wiki/Usage
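Windows
1. Download chnroutes.py
2. In a terminal, change to the download directory and run python chnroutes.py -p win. This generates two files, vpnup.bat and vpndown.bat.
Because PPTP on Windows does not support dial-up scripts, you have to run vpnup.bat manually before dialing to set up the routing table. After disconnecting the VPN, you can run vpndown.bat to clean up these routes if you feel it is necessary.
If Python is not installed on the machine, you can download the pre-generated bat files directly from the download page.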
From "ITPUB Blog", link: http://blog.itpub.net/271063/viewspace-1870817/. If you repost this, please credit the source; otherwise legal liability will be pursued.
Reposted from: http://blog.itpub.net/271063/viewspace-1870817/